Skip to content

refactor: Bump js-yaml from 3.14.1 to 3.14.2 #3022

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mtrezza merged 1 commit into from
Nov 27, 2025
Merged

refactor: Bump js-yaml from 3.14.1 to 3.14.2 #3022

mtrezza merged 1 commit into from
Nov 27, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 26, 2025
edited
Loading

Bumps js-yaml from 3.14.1 to 3.14.2.

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code labels Nov 26, 2025
@parse-github-assistant
Copy link

parse-github-assistant bot commented Nov 26, 2025

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title refactor: bump js-yaml from 3.14.1 to 3.14.2 refactor: Bump js-yaml from 3.14.1 to 3.14.2 Nov 26, 2025
@coderabbitai
Copy link

coderabbitai bot commented Nov 26, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@parseplatformorg
Copy link
Contributor

parseplatformorg commented Nov 26, 2025
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.14.2 branch 3 times, most recently from e4978c5 to 7087eac Compare November 27, 2025 18:29
@dependabot
refactor: bump js-yaml from 3.14.1 to 3.14.2
e34c11b 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.14.2 branch from 7087eac to e34c11b Compare November 27, 2025 18:39
@mtrezza mtrezza merged commit 3e4811f into alpha Nov 27, 2025
11 checks passed
@mtrezza mtrezza deleted the dependabot/npm_and_yarn/js-yaml-3.14.2 branch November 27, 2025 22:44
@parseplatformorg
Copy link
Contributor

parseplatformorg commented Nov 28, 2025

🎉 This change has been released in version 8.1.0-alpha.7

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Nov 28, 2025
@parseplatformorg
Copy link
Contributor

parseplatformorg commented Dec 1, 2025

🎉 This change has been released in version 8.1.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Dec 1, 2025
beiguancyc pushed a commit to beiguancyc/parse-dashboard that referenced this pull request Dec 16, 2025
@cycqitianwushuge
Merge commit '68e9be3a35edb730db5a0174b0dab5e763e67622'
fef9bd6 
* commit '68e9be3a35edb730db5a0174b0dab5e763e67622': (31 commits)
  chore(release): 8.1.0 [skip ci]
  empty commit to trigger CI
  chore(release): 8.1.0-alpha.13 [skip ci]
  feat: Upgrade to parse 7.1.2 (parse-community#3038)
  chore(release): 8.1.0-alpha.12 [skip ci]
  fix: Data browser export triggers confirmation dialog for navigating with selected rows (parse-community#3037)
  chore(release): 8.1.0-alpha.11 [skip ci]
  fix: Info panel may show stale data of previous objects when refreshing the data table or navigating between classes (parse-community#3036)
  chore(release): 8.1.0-alpha.10 [skip ci]
  feat: Remember info panel width and count across browser sessions (parse-community#3031)
  chore(release): 8.1.0-alpha.9 [skip ci]
  refactor: Bump @babel/preset-env from 7.27.2 to 7.28.5 (parse-community#3017)
  refactor: Security upgrade body-parser from 2.2.0 to 2.2.1 (parse-community#3021)
  fix: Selected saved filter is not expanded in sidebar when reloading browser page (parse-community#3029)
  chore(release): 8.1.0-alpha.8 [skip ci]
  feat: Remember selected column when navigating between saved filters of a class with auto-load first row enabled (parse-community#3028)
  chore(release): 8.1.0-alpha.7 [skip ci]
  fix: Info panel data not reloading when clicking refresh button in data browser (parse-community#3027)
  refactor: Bump js-yaml from 3.14.1 to 3.14.2 (parse-community#3022)
  chore(release): 8.1.0-alpha.6 [skip ci]
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code state:released Released as stable version state:released-alpha Released as alpha version

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@parseplatformorg @mtrezza